PHISHING

for beginners

How to avoid becoming a victim of email fraud


what is

PHISHING?

‘Phishing’ is where someone tries to trick you into giving them your financial details or other confidential information, by using fake emails and fake websites.
They do this to make money by stealing from you and others through identity theft (where they pretend to be you).
Phishing damages lives and is illegal in most countries.

what's the catch with

PHISHING?

Like fishing for fish, these fraudsters dangle a baited hook to try to catch you.
Hooks are often found in emails.
A hook tricks you into giving them your personal information.
This website identifies some ‘hooks’ so you know what to look for in your emails, so you don’t get caught.

This is not a comprehensive list as new ways to trick you out of your money are invented all the time. The following material is a primer to help you to think about the possibilities of email scams when you are reading your messages.

Unwanted Attachments

Attachment with a .ZIP file type.
ZIP files are like filing cabinet drawers (they can contain any number of other files). You don’t know what is inside until you open it. Of course, by then it can be too late.
Malicious programmes can sneak onto your computer through innocent-looking email attachments.
Attachments to watch out for end in .PHP, .ZIP, .RAR, .HTM or .HTML, .JS, and there are some others.
The idea here is: do not open anything you are unsure about.
Always keep your anti-virus software up-to-date, but even then some things can slip through. So better to be safe than sorry.

Tip 1

If you are unsure about an email attachment, delete the email without opening or saving the attachment. 

Poor grammar or spelling misteaks

Poor grammar or misspelled words.
Corporate / professional organisation emails sent from a legitimate source are unlikely to use bad grammar or misspelled words, especially something like an official notification.
First and foremost, where did NZ Post get your email address? I’ve never seen that line on a package label. So the fact that you got an email from them should send up alarm bells.
Next, the grammar is sooo bad, (underlined in blue on the sample) that there is no way this was written by someone who uses English as a first language, let alone a business in NZ.
There are other telltale signs, like bad links, etc, but those are covered on other pages.
The top two reasons should be enough warning. Delete it.
By the way, the word “misteaks” in the heading is intentionally spelt wrong. It’s a joke. Get it?

Tip 2

Business emails are usually spelt correctly. Even from NZ Post. 
Delete it.

Sad back story

Emotional back story with the promise of money.
So you want to be rich and help out this woman with a really sad story? See how many lies you can count in this example (I get 20). Remember, this person (probably not even a woman), is trying to commit identity fraud in your name.
This type of email preys upon well-intentioned people by telling a sob story.
If you reply to the email, you will get another one asking for all sorts of personal information to “prove” you are who you say you are so you can access this money in some foreign bank.
Instead, they will take your information and open a bank account or credit card account in your name and rack up debt in your name.
Delete this type of email without replying.
In this example this woman is a widow, has no kids, is dying of cancer, is an orphan, wants to save her soul with God, wants to donate millions to charity, oh ... and she’s had a stroke. Sound plausible to you?

Tip 3

Any sad story with a pot of gold at the end of the rainbow is a lie. Delete it. 

Fake “make money from home”

This link at the bottom is dangerous.
A .PHP file type can have programs in it that could load a virus or other dangerous software onto your computer.
Everyone could do with a few extra thousand dollars, right?!
If you click on either link they take you to the same website, where you have a high risk of a virus or trojan being loaded onto your computer.
Even the job offer is a lie. If someone could really make that much money from sitting at home, do you think they would be emailing it out to everyone?
There are a number of similar scams out there, and some appear as adverts or pop-ups when you are browsing the internet.
Ignore them / delete them.

Tip 4

Legitimate job offers don’t come to you from unknown, unnamed internet businesses via email.  
Get a real job, and delete the email.

Bad links in PDF files

The link in the attached PDF is bad.
A legitimate file from Westpac would direct you to a Westpac bank website, which this clearly is not.
The file type .PDF is a legitimate file used by millions of people daily.
The main concern with this one is that it contains a website link that is supposedly from Westpac.
As it is not even from New Zealand – has a .ir country code – you can be sure your bank did not send it to you (unless you have an account in Iran).
Chances are the website will load some malicious software onto your computer.
This type of misdirection is common. Only one choice, delete it.

Tip 5

Links to offshore websites are not from your bank.
Delete it.

Hacked email spam links

A link with no real message.
Hacked email accounts send out messages like the above two samples to distribute the website link. You can be sure the links contain bad stuff.
From time to time email accounts get accessed illegally by hackers. How and why are not really important, just know it’s bad.
What is important is that you identify that these emails are fake and delete them without clicking on the website link they contain.
Ways to detect them include ...
• There is no real message, just a generic short note.
• It comes from someone you know.
• It has a link to a site with no real name to it.
• It may (but not always) list a whole heap of other people in the TO: line.

Tip 6

Emails with no real message and a website link are spam from hacked email accounts. 
Do not click on the link. Delete it.

Not your bill

Is this bill really for me?
Fake bill notifications are a great way to sucker people into clicking on links. See how the website link in the email doesn’t match the link that it’s going to go to if you click on it.
There is of course one glaring error which tells us this email is a scam straight away. Can you see it?
So here we have an email where Spark has kindly sent us a reminder notice to pay a bill, complete with a convenient payment link and a copy of the invoice as a PDF link.
By holding our mouse over either the underlined link or the PDF button link (without clicking) the actual website link (URL) is displayed on the Status Bar at the bottom of the email window.
You can see they are very different. Obviously a scam. Do not click on the link. Delete the email.
Did you see the mistake? The subject line says it’s our Spark account. The fake link and sign-off say it’s from Vodafone. When did they merge?

Tip 7

Make sure the bill is from who they say it’s from.
If not, delete it. NEVER click on a login link in an email, even if you think it is legitimate.

You have won!

I won a prize in a competition I did not enter. Nice.
If all these prizes were real I would have retired on my own tropical beach with millions in my bank account years ago.
However convincing they make it sound, you didn’t win ... sorry.
In fact, if you send them the info they asked for, you lose – big time. Note that they say it’s only the first step and they will send you further instructions to verify who you are. Those will include sending a scanned copy of your passport and / or birth certificate.
Now they have everything they need to become you and commit identity theft/fraud worldwide.
I like the touch that says you cannot tell anyone or you may lose your prize. By anyone, I think they mean the police. lol

Tip 8

You cannot win a prize in a competition you did not enter. Microsoft, Samsung and other mega corporations do not give away free stuff or money.
Any email to the contrary, delete it.

Error with your account, log in

No ... your account is actually fine.
NEVER log into an account from an email link.
There, I’ve said it. Now don’t forget it.
If an email says you have a problem with your account, and it IS legitimate, they will NOT ask you to click on the link in the email to log in.
All others are scams.
Common scam emails target people with the following accounts ...
• Amazon
• Westpac
• PayPal
• BNZ
• ASB
• ANZ
• Netflix
The emails may look convincing, but a quick mouse over the links will show you (in the Status Bar at the bottom) that they are fake.
Do not click on the links. Delete the email.

Tip 9

Your bank will never send you an email with a login link.
If you get one, do not click on the link. Delete it.

The granddaddy of email scams

They will give you millions in return for what?
This Nigerian email scam has been around for many, many years. If you reply to the email you will get a list of required information just like the You Have Won scam, and then they will ask you for money.
The Nigerian email scam is very common, and is the predecessor of many of the more recent email scams.
The emails are from crooks trying to steal your money or your identity. Inevitably, emergencies come up, requiring more of your money and delaying the "transfer" of funds to your account.
In the end, there aren't any profits for you, and your money is gone along with the thief who stole it.
According to US State Department reports, people who have responded to these emails have been beaten, subjected to threats and extortion, and in some cases, murdered.

Tip 10

If it sounds too good to be true, it isn’t (true).
Delete it.

Last minute round-up

A few general computer tips as a caution.
If this screen comes up on your computer, shut it down immediately and seek professional help.
This type of virus is from an email attachment and it’s called Ransomware. Basically, unless you pay them the ransom money outlined in the screen, your files are gone.
Never pay these extortionists as once they have your money you are still unlikely to actually get your files back.
It is recommended that you do regular backups of important files on your computer to an external USB hard drive (ask if you are not sure what this is).

Apart from email scams there are a couple of other scams you need to watch out for on your computer.

One is where someone will phone you saying they are from Microsoft or Spark or something similar and that there is a problem with your computer. They will ask you to give them ‘remote access’ so they can fix the problem. ‘Remote access’ means they can use your computer from where they are, as if they were sitting at your computer.

Never give someone remote access. They will install software that enables them to copy your files and steal your passwords and personal information. 

Another scam is where you are browsing the web and a warning pops up saying something like “Your computer is running too slow, click here to fix it”. It’s a scam. Do not click on it as it will install virus software on your computer. 


Tip 11

Backup data regularly to an external hard drive.
Don’t give anyone remote access to your computer.
Don’t click on pop-up adverts while on the web.

how can I avoid

PHISHING?

Other than never emailing again, there is no foolproof way to avoid email scams.
But just as always having up-to-date anti-virus software running on your computer will reduce the risk of infection, following the steps outlined in this website will reduce the risk of becoming an email scam victim.
Good luck.

my scam safety

CHECKLIST

• Keep my anti-virus software up-to-date
• Read all emails carefully
• Never use email links to log into accounts
• Don’t post personal details on social media sites
• Always check website links before clicking on them (mouse over)
• Never give someone remote access to your computer
• Don’t click on pop-up adverts
• Never share personal information online
• If it sounds too good to be true, it isn’t (true)
• Do not forward chain letter emails
• Use secure payment services like PayPal when buying online

don't become a

VICTIM

© Copyright 2016 Andrew Kerr - All Rights Reserved